Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 3 Feb 2003 05:14:46 -0800
From:      "David P. Reese Jr." <daver@gomerbud.com>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        current@FreeBSD.org
Subject:   Re: pam is chatty when logging in via ssh
Message-ID:  <20030203131446.GA95050@tombstone.localnet.gomerbud.com>
In-Reply-To: <20030203121303.GC69322@opus.celabo.org>
References:  <20030203095445.GA93804@tombstone.localnet.gomerbud.com> <20030203121303.GC69322@opus.celabo.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 03, 2003 at 06:13:03AM -0600, Jacques A. Vidrine wrote:
> On Mon, Feb 03, 2003 at 01:54:45AM -0800, David P. Reese Jr. wrote:
> > On current as of about four hours ago, sshd spits the following to the console
> > after a successful login:
> > 
> > Feb  3 01:41:29 metropolis sshd[550]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24
> > 
> > It seems harmless, but pam doesnt sound happy.  I did notice that mergemaster
> > updated /etc/pam/sshd by adding some krb5 lines.
> 
> That's odd.  Assuming that pam_krb5 is the module which is returning
> `24', I fixed that 4 days ago (Wed Jan 29 21:20:38 2003 UTC).  Are you
> certain you have rebuilt pam_krb5?  What is the output of `ident
> /usr/lib/pam_krb5.so' (should show revision 1.13 or later).

I cvsuped again to get des's recent changes and built world.  After a fresh
install, when trying to ssh in i get:
Feb  3 05:02:36 metropolis sshd[3695]: in openpam_load_module(): no pam_krb5.so found 
Feb  3 05:02:36 metropolis sshd[3695]: fatal: PAM: initialisation failed

It seems that {build,install}world forgot about pam_krb5.

[daver@metropolis:~]$ ll /usr/lib/pam_krb5* 
ls: /usr/lib/pam_krb5*: No such file or directory
[daver@metropolis:~]$ cd /usr/src/lib/libpam/modules/pam_krb5/
[daver@metropolis:/usr/src/lib/libpam/modules/pam_krb5]$ sudo make clean obj all install
...
[snip]
...
[daver@metropolis:/usr/src/lib/libpam/modules/pam_krb5]$ ll /usr/lib/pam_krb5* 
lrwxr-xr-x  1 root  wheel     13 Feb  3 05:05 /usr/lib/pam_krb5.so@ -> pam_krb5.so.2
-r--r--r--  1 root  wheel  19432 Feb  3 05:05 /usr/lib/pam_krb5.so.2

Then we try to ssh into the machine and,
Feb  3 05:08:14 metropolis sshd[3750]: in openpam_load_module(): no pam_krb5.so found 
Feb  3 05:08:14 metropolis sshd[3750]: fatal: PAM: initialisation failed

[daver@metropolis:~]$ ident /usr/lib/pam_krb5.so|grep pam_krb5
/usr/lib/pam_krb5.so:
     $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.15 2003/02/03 09:45:41 des Exp $

> The `four hours' does indeed correspond to DES's enabling of pam_krb5
> by default in etc/pam.d/sshd.

As a workaround, i can disable krb5 by commenting out the two lines in
/etc/pam.d/sshd which contain pam_krb5.so.  Then ssh works just fine.

-- 

   David P. Reese Jr.                                      daver@gomerbud.com
   --------------------------------------------------------------------------
   C 
      You shoot yourself in the foot. 
   Assembler
      You try to shoot yourself in the foot, only to discover you must first
      invent the gun, the bullet, the trigger, and your foot. 

                                            How to Shoot Yourself in the Foot
                                        <http://www.m5p.com/~pravn/foot.html>;

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030203131446.GA95050>